Tuesday, July 25, 2023
- Authentication and Authorization in Microservices
Authentication in microservices involves two main occasions:
- authentication required when end users communicate with services.
- authentication happens between internal services.
- authentication needed when external services enter internal services.
OAuth 2.0 provides the industry-standard protocol for authorizing users in distributed systems. The OAuth framework reduces the burden on developers, eliminating duplications to build their own authentication mechanism in each microservice.
Authentication & Authorization in Microservices Architecture - Part I
https://auth0.com/docs/get-started
-
User registration flow in microservice
-
Communication between microservices
Share user data between micro services
User service and Comment service
populate user data into Comment service, save user data in comment service, update user data in comment service
https://stackoverflow.com/questions/67543408/microservices-storing-user-data-in-separate-database
Ideally, the client communicates with the each service directly, and no interaction between the services!
However, there is the need for communication between these services.
For example, o what happens if a user deletes his account? What if you delete a TV show? You probably want to trigger some events that will update the data in your comment microservice. In the long run you want to keep everything "eventually consistent".
The event-driven architecture comes up!
- Data retrieved from two or more services
For example, you send a request from UI saying "give me comments with usernames",
GraphQL interface then first issues a request to comments service, then to user service and finally sends one response with combined data
NOTE: issue a number of requests to various micro-services to collect all the data and return it in only 1 response
Rest needs to send many.